Monday March 7, 2016 8:30-9:45 A.M. Opening Comments and North American Awards GS 1 A Call to Arms: The Role of the Chief Audit Executive in the (Ongoing?) Cyber War The Honorable Theresa M. Grafenstine, CIA, CGAP Inspector General House of Representatives In this session, participants will:

Receive an overview of classic breach tactics.

Describe what good security and controls look like.

Discuss how the U.S. House of Representatives’ Office of the Inspector General has taken a proactive role in helping the House to address cyber threats.

Identify tactics and strategies every internal audit function can and should take to be in a better position to respond if and/or when a breach occurs.

The Honorable Theresa Grafenstine was named inspector general of the U.S. House of Representatives (House), having been unanimously appointed by the House Speaker, Majority Leader, and Minority Leader. Over the past 23 years, she has served in the inspector general community in both the legislative and executive branches of the Government. As the inspector general, she is responsible for planning and leading independent, non-partisan audits, advisories, and investigations of the financial and administrative functions of the House. Grafenstine is also an active volunteer in support of the IT, governance, internal auditing, and accounting professions, and currently serves as on the board of directors and on the finance committee of the American Institute of Certified Public Accountants (AICPA). She also serves as international vice president and audit committee chair for ISACA. In addition, she provides financial oversight as the audit committee chair of the Pentagon Federal Credit Union, with over $19 billion in assets and 1.2 million members.

Monday March 7, 2016 10:15-11:15 A.M. GS 2 Navigating a Cyber Security Crisis Kelly Barrett Vice President, Internal Audit & Corporate Compliance The Home Depot In this session, participants will:

Learn steps to take after a data security breach including customer and associate communication, navigating regulatory implications, press releases, and communications with Board of Directors.

Hear about setting up an effective Incident Response Team.

Explore best practices for data security and privacy governance.

Gain an understanding of internal audit’s role in mitigating the risk of a data security breach and in the breach response if one occurs.

Kelly Barrett joined The Home Depot in January 2003 as Vice President, Corporate Controller. In this role, she was responsible for all of the Company’s internal and external financial reporting including its filings with the Securities and Exchange Commission, as well as the Company’s Financial Controls and Financial Systems. In 2004, she led the world’s largest finance SAP implementation, an $80 million project and co-led the Company’s successful first year compliance with Sarbanes-Oxley 404. In October 2005, she was named Vice President, Internal Audit. As Vice President, Internal Audit, she has the responsibility for one of the Company’s Leadership Programs that serves as a pipeline of talent for The Home Depot. She is also responsible for developing and executing an Audit Committee risk-based audit plan and the Company’s Enterprise Risk Management function. In April 2007, she also assumed responsibility for Corporate Compliance. Prior to joining The Home Depot, she served as Senior Vice President and Chief Financial Officer for Cousins Properties Incorporated, where she enjoyed a very successful career for more than ten years. Cousins Properties Incorporated is a real estate investment trust based in Atlanta and traded on the NYSE. Before joining Cousins, she was an Audit Manager at Arthur Andersen in Atlanta where she worked for seven years. Kelly graduated from Georgia Tech in 1986 with highest honors and first in her class, earning a Bachelor of Science in Industrial Management. She is a Certified Public Accountant. In April 2006, she was inducted into the Georgia Tech College of Management’s Council of Outstanding Young Alumni which recognizes alumni for their

career achievements and contributions to Georgia Tech and society. She serves on the Board of State Bank Financial Corporation, the publicly traded holding company for State Bank and Trust Company, one of Georgia’s best-capitalized banks. Kelly also serves on the Board of the YMCA – Metro Atlanta including the Executive Committee and Finance Committee; she was the volunteer Treasurer. She was recognized as the YMCA Volunteer of the Year in 2010. Kelly also serves on the Board of The Girl Scouts of Greater Atlanta where she is the Chair of the Audit Committee. Previously, Kelly served on the Board of Partnership Against Domestic Violence, where she was the volunteer Treasurer and received its Legacy Society Award in 2013. In addition, Kelly serves on the Georgia Tech Board of Trustees and is the Chair of the Advisory Board of Georgia Tech’s Scheller Business School. She is also a member of the Atlanta Rotary Club and serves on its Executive Committee. She and her husband, Rick, reside in Marietta, Georgia and both are recovering avid runners who now enjoy cycling and yoga. Kelly has completed four marathons, including two Boston Marathons.

Monday March 7, 2016 12:30–1:30 P.M. CS 1-1 Developing IT Governance: Achieving Balance Among IT, Operations, and Internal Audit Mary Jo Flynn, CIA, CCSA Director, Audit Management, Compliance UnitedHealthcare Susan Heichert Sr. Vice President and Chief Information Officer Allina Hospitals and Clinics In this session, participants will:

Increase your understanding of IT governance.

Learn from a case study how IT governance was implemented in a health care system.

Understand the role of internal auditing in promoting and sustaining IT governance. Identify the role and responsibilities of operations in the governance process.

Discuss the challenges in the development and implementation process.

Mary Jo Flynn has 30 years of health care experience in a variety of leadership positions. She joined UnitedHealthcare in 2013 as a director of the compliance audit department, leading a team of compliance auditors, risk assessment, audit plan development and execution, and collaborating with operational leadership and personnel. Previously, she was the CAE at Allina Health, having spent 17 years in that organization in a variety of leadership roles in operations, compliance, and internal auditing. As Chief Audit Executive, she was responsible for risk assessment, audit planning, conducting engagements, and department management of regulatory, IT, financial, and operational audit teams. In 2015, Flynn was elected to the Board of Directors for the Association of Healthcare Internal Auditors (AHIA). Susan Heichert has served in various roles during 11 years at Allina Health, with a focus on implementation of the Electronic Health Records (EHR). She is a member of CHIME (College of Health Information Management Executives) and is a Fellow of the Healthcare Information and Management Systems Society (HIMSS). CS 1-2 Are you Leading or Managing Others? Katherine Findlay Vice President, Internal Audit Southwest Airlines In this session participants will:

Identify the leadership skills essential to organizational success.

Understand how to LEAD rather than "manage" others.

Discuss the makeup and requirements of today's workforce. Hear practical advice for effectively leading teams and addressing important issues. Katherine Findlay joined SWA’s internal audit group in 1993 before moving into the finance organization as director of maintenance finance and budgets. Since that time, she has led both financial and operational groups, and returned to internal audit, which champions compliance and offers practical solutions to improve business operations and assist in corporate governance, in 2010. Findlay has received SWA’s prestigious “Leading by Example” and “Winning Spirit” awards. Prior to joining SWA, she was a financial auditor at Ernst & Young. Findlay is member of the University of Texas at Dallas (UTD) Internal Audit Education Partnership (IAEP) Advisory Board as an advocate for the profession, continuing to host students and visitors as they explore careers in internal auditing.

CS 1-3 Technology Champions: Key Enablers for Internal Audit Phillip Billington Vice President, Internal Audit HCA Healthcare Sarah Myers Director of Marketing & Strategic Alliances Wolters Kluwer In this session, participants will:

Understand how appointing a technology champion can further the technology strategy of your department.

Gain insights into the activities technology champions are carrying out that have the largest impact on productivity.

Learn additional best practices from real-life examples. Sarah Myers has worked closely with many organizations using TeamMate to enhance their audit processes through automation. She has conducted many audit technology implementation and training sessions across the U.S. Meyers has also demonstrated and lectured on audit automation at a numerous conferences, seminars, and meetings. Prior to joining Wolters Kluwer, she spent 18 years in audit and audit technology at PwC, and has been working with TeamMate since 1997. CS 1-4 Auditing Strategic Risks: Approaches to Fit Your Organization Ann Scovil Vice President GoDaddy.com In this session, participants will:

Consider whether focusing on strategic risk is right for your internal audit function.

Identify approaches to gaining a greater understanding of your organization's strategy and strategic risks.

Share how internal audit's plan can be aligned with company strategies. Ann Scovil joined GoDaddy.com in 2015, prior to the company's IPO. Prior to

GoDaddy.com, she was chief compliance officer and vice president of assurance, risk and compliance for Target Corporation. In her over 20-year career there, Scovil led a number of financial planning, accounting, audit, and corporate compliance functions. She currently serves on the Dean's Advisory Board for the University of St. Thomas School of Law, Organizational Compliance and Ethics degree program. CS 1-5 COSO ERM Integrated Framework Update Robert B. Hirth, Jr. Chairman COSO Frank Martens Director, Risk Assurance PwC In this session participants will:

Review the rationale for the ERM revision and the revision process.

Learn about key input from stakeholders.

Discuss major areas of revision and important changes on the horizon.

Receive the scheduled timetable for finalization, translation, and distribution. Bob Hirth was elected to serve as COSO’s chairman in 2013. His experience includes all of COSO’s mission disciplines: ERM, internal control, and fraud deterrence. He has worked on assignments and made presentations in over 15 countries, serving more than 50 organizations and working closely with board members, C-level executives, finance and accounting personnel, and accounting firm partners and employees. Hirth is a recognized leader in the internal audit profession, having been inducted into The IIA’s American Hall of Distinguished Audit Practitioners in 2013. Additionally, he has served as a volunteer leader for The IIA Research Foundation. . Frank Martens served as the Project Lead Director on the PwC team that updated the 1992 Internal Control–Integrated Framework (Framework) in 2013. He was a principal contributor on the Internal Control over Financial Reporting (IC-FR) – Guidance for Smaller Public Companies, developed to assist smaller companies applying the Framework. Martens was a principal contributor to COSO’s Enterprise Risk Management–Integrated Framework in 2004, and is serving as the team leader for the ERM framework revision project under the direction of the COSO Board.

CS 1-6 In Conversation With.. What Companies Are Looking For in CAEs Charles Eldridge Senior Partner Korn Ferry Richard Chambers, CIA, QIAL, CGAP, CCSA, CRMA President and CEO The IIA Chuck Eldridge provides talent management solutions including executive recruitment, succession planning, organizational design, and talent consulting to public and private companies and select higher education/not-for-profits. For executives, he provides a variety of career management services. Eldridge worked in public accounting for about 20 years before transitioning to talent management. His leadership has been instrumental in developing Korn Ferry’s financial officers practice, which he led for seven years, and he served on the firm’s North America Operating Council and Global Partnership Council. Eldridge has authored and co-authored numerous thought leadership publications and frequently presents on talent management topics related to finance and accounting. Prior to his career switch, Eldridge served Ernst & Young as the engagement partner for clients including The Coca-Cola Company, McDonald’s, and American Express, while based in Russia. Eldridge also served Ernst & Young in human resources capacities, including his role as the firm’s national director of recruiting and university relations. Richard F. Chambers has more than four decades of internal audit and related experience. Previously, Chambers was national practice leader in Internal Audit Advisory Services at PricewaterhouseCoopers; inspector general of the Tennessee Valley Authority; deputy inspector general of the U.S. Postal Service; and director of the Army Worldwide Internal Review Organization at the Pentagon. He currently serves on the COSO Board of Directors, International Integrated Reporting Council (IIRC), and IIA Board of Directors. Previously, he served on the U.S. President’s Council on Integrity and Efficiency; Audit Board of the City of Orlando, Fla.; IIA Internal Audit Standards Board; and IIA North American Board. Chambers received the Association of Government Accountants (AGA) Frank Greathouse Distinguished Leadership Award and the National Association of Black Accountants (NABA) Legacy Award. Accounting Today named him one of the Top 100 Most Influential People in Accounting as well as one of 10 tweeters worth following. The National Association of Corporate Directors

(NACD) named him one of the most influential leaders in corporate governance. In 2014, Chambers authored the award-winning book, Lessons Learned on the Audit Trail.

Monday March 7, 2016 1:45–2:45 P.M.

CS 2-1 The Evolving Impact of Cybersecurity Emilio Williams, CIA Global IT Audit Director Dell, Inc. Gary Pollack Senior Vice President American Express Lisa Hartkopf Partner EY Phillip Nemmers Partner EY In this session, participants will:

Engage in a discussion with panelists about the latest cybersecurity issues and trends affecting companies.

Hear approaches leading organizations are taking steps to be prepared.

Discuss the specific need to assess and address the effectiveness of an organization’s overall IT risk management (ITRM) program.

Identify ways internal auditors can help an organization address its cybersecurity risks.

Emilio Williams is responsible for planning and executing on Dell’s IT audit plan. He has more than 25 years of experience in IT security, compliance, and governance including internal audit management positions in the US federal government, financial services and the IT industry. Prior to joining Dell, Williams worked for the Panama Canal for 16 years where he built the IT Audit Function.

Gary Pollack is a senior executive with more than 20 years of financial services industry experience. He has served in several management positions in the areas of audit and risk management, IT, and consumer compliance roles. Pollack is a proven leader and has extensive experience leading high-performing teams, and cultivating effective partnerships with senior management and regulatory agencies. Lisa Hartkopf is with EY’s Advisory Practice and also serves as EY’s Americas internal audit leader. She has more than 19 years of public accounting experience working in assurance, transaction, and advisory services. Hartkopfa leads the innovation, thought leadership, methodology, client service, and go-to-market growth initiatives around internal audit services in the Americas and works with clients to maximize operational effectiveness and efficiency of process, risks, and controls primarily with automotive, consumer products, and diversified industrial manufacturing companies. She has also assisted clients in their implementations of Sarbanes-Oxley, Japanese Financial Instruments and Exchange Law (J-SOX), and ERM programs. Phil Nemmers is with EY’s Advisory Services focusing on cybersecurity. He has 30 years of experience at EY in the evaluation of complex IT control environments and service organization control reporting; he also has extensive experience leading various types of security-related assessments. Nemmers is currently responsible for overseeing the firm’s efforts on various compliance and regulatory matters related to cybersecurity; specifically developing the assessment framework for evaluating the impact of cyber risk on financial audits; providing SMR support to regions in the delivery of cyber-related services; and leading assessment and attestation efforts related to certain regulatory requirements (e.g., Cyber attest, FISMA, FedRAMP, ISO, HIPAA/HiTRUST). CS 2-2 Building Effective Audit Committee Relationships Robert King Chief Audit Executive FedEx In this session, participants will:

Learn about audit committee roles and responsibilities.

Discover key communication tools designed to capture the attention of busy audit committee members.

Gain insights into developing and managing relationships.

Discuss monitoring of ERM, the control environment, and corporate governance.

Robert A. King is responsible for leading and directing the organization’s worldwide internal audit organization in proactively and independently identifying and assessing key business risks for the corporation. In addition, he serves on the Information Technology Oversight Committee of the FedEx Board of Directors. King has more than 30 years of auditing, accounting, and IT experience. He has been a leader in developing and promoting best practices as an integral part of the internal audit department and ensuring the audit organization is a catalyst for improving the quality of controls, operations, and strategies. King is a frequent speaker within the audit industry on topics including audit committee effectiveness, fraud auditing, and best practices in internal audit. He serves on the Advisory Board of Louisiana State University E.J. Ourso College of Business Center for Internal Auditing and the Accounting Advisory Board of Christian Brothers University. CS 2-3 Team Accountability Mike Cowell, CIA Chief Audit Executive, General Auditor TIAA In this session, participants will:

Leverage the data inherent in managing internal audit programs and projects to develop tracking and reporting mechanisms to facilitate team accountability.

Discover approaches for tracking and reporting on successes and areas of focus to multiple audiences including audit committees, CEOs, internal audit leaders, and internal audit project delivery teams.

Recognize the linkage in personal and team accountability between program level and engagement level success factors, performance reviews, and compensation.

Mike Cowell oversees 125 professionals representing both the internal audit and internal investigation functions, performing objective and independent audit, advisory and investigative services. In this role, which he assumed in 2008, Cowell is responsible for providing strategic direction and management to the audit leadership team for all legal entities and businesses of TIAA-CREF. Previously at TIAA-CREF, he held the positions of vice president, deputy chief auditor and director, audit executive supporting the business units encompassing the functions of institutional and individual client services, product development and management, and institutional and individual operations. Prior to joining TIAA-CREF, Cowell was a senior manager with EY’s Risk Advisory Services practice, and a senior auditor with PricewaterhouseCoopers LLP.

CS 2-4 CEB Audit Leadership Council: Auditing Through Organizational Change Dominique Vincenti Vice President, Internal Audit and Financial Controls Nordstrom, Inc. Jim Fitzmaurice Senior Director and Executive Advisor CEB Margaret Porter Practice Leader CEB In this session, participants will:

Touch on some of the major components changing today’s audit universe, making it a veritable moving target.

Discuss how these significant challenges affect the effectiveness of the control environment.

Discuss why audit agility is insufficient in addressing the root causes of risk management failures in the current environment of massive organizational change.

Identify methods to supplement audit’s agility with activities to ensure the business can manage risks during times of high change.

Dominique Vincenti has more than 25 years of experience including internal audit management positions principally in the retail industry for prominent international retailers including Marks & Spencer, Gucci, Yves Saint Laurent, Alexander McQueen, Balenciaga, Stella McCartney, Puma, and more. For 6 years prior to joining Nordstrom, she was a chief officer at The IIA overseeing the organization’s professional, research, and technical practices, developing guidance, and representing the internal audit profession worldwide on governance, risk, and control issues, working with other professional, national, or international institutions and regulators including the U.S. Securities and Exchange Commission, the International Organisation of Supreme Audit Institutions (INTOSAI), the International Federation of Accountants (IFAC), and the European Commission. Jim Fitzmaurice provides guidance and shares proven tactics that help ERM and

internal audit executives improve individual, functional, and corporate performance. Prior to joining CEB, Fitzmaurice served as a subprime mortgage account executive at The Lending Group, as a branch officer at Chevy Chase Bank (Capital One), and worked as a middle-school mathematics teacher. Margaret Moore Porter has over 11 years of experience working with finance, audit, and risk management executives at CEB. She is responsible for the operations and management of the Council, a member-based research and advisory program that delivers unbiased guidance and proven solutions to over 600 of the world’s leading internal audit organizations. Porter develops research, information, and tools that to help internal audit leaders make effective decisions around key challenges, including risk assessment, audit planning, talent development, and audit committee reporting. Prior to joining the CEB Audit Leadership Council, Porter worked with CEB’s Finance Leadership Council in client service and account management roles. She has also worked as an executive search associate with Korn/Ferry International. CS 2-5 Enterprise Risk Assessment Adam Marshall, CIA Director, Risk Advisory Services RSM US LLP. Ian McConnel Director of Government Affairs & Associate General Counsel Corporation Service Company Shawn Dahl National Leader, eGRC and ERM RSM US LLP. In this session participants will:

Review ERM principles and practical components to perform a more strategic risk assessment for internal audit purposes.

Better use of the strategic planning process as a key input to the audit plan.

Discuss “real time” assessment approaches used for better identifying and assessing emerging risks and macro events.

Incorporate both traditional and macro level internal/external risk factors identified into the internal audit risk assessment and audit plan.

Shawn Dahl is responsible for ongoing framework and methodology development, and

client support, bringing more than 25 years of diverse experience to McGladrey (now RSM) through executive positions in internal audit and risk management. Prior to joining McGladrey, he served as the managing director-Carolinas for Jefferson Wells for four years. Previously, his experience in Fortune and FTSE 100 Companies includes Kellogg, Whirlpool, Allied Domecq. and All State. Ian McConnel is responsible for managing and developing CSC’s government relations efforts, providing legal guidance to the company’s business units and facilitating enterprisewide risk management reviews. In addition, he is responsible for implementation of the company’s crisis management and business continuity protocols and procedures across all business unit lines. McConnel began his legal career as an associate at the law firm of Morris, Nichols, Arsht & Tunnell LLP, and later served at the Delaware Department of Justice in a number of senior leadership roles, ultimately as Chief Deputy Attorney General. Prior to becoming a lawyer, McConnel worked in the financial services industry and served in the U.S. Marine Corps as an Infantry Officer. Adam Marshall specializes in developing ways to further enhance risk management methodologies, processes, and tools for the company’s clients. He assists organizations in establishing and enhancing end-to-end risk management processes, providing guidance on risk governance, appetite, and risk management processes. Marshall’s experience includes providing both outsourced and cosourced internal audit and risk advisory services to various organizations including global Fortune 500 and 1000 companies. CS 2-6 In Conversation With.. Auditing Culture Cynthia G. Plamondon, CIA, CCSA, CFSA, CGAP, CRMA, QIAL Senior Vice President and Chief Officer, Global The IIA Ian Peters, Ph.D. Chief Executive Officer Chartered Institute of Internal Auditors (IIA–UK and Ireland) In this session, participants will:

Receive a clearer picture of the concept or definition of culture.

Debate the transition from an organization living up to its values to “hardwiring” a culture throughout an organization’s governance.

Exploring using observation, interviews, and hard data to measure the immeasurable.

Share thoughts on the way forward when auditing culture. Cyndi Plamondon oversees certifications, standards and guidance, institute relations, and governance for The IIA. Most recently, she was responsible for the administration, development, and delivery of 12 certification exam offerings in 20 languages on a global basis to internal audit professionals and 165 countries as vice president of global professional certifications. Since joining The IIA, Plamondon has served the organization as vice president of professional practices, vice president of educational programs, and manager of quality assurance reviews. Prior to joining the organization, she was director of internal audit for PSS World Medical Inc., manager of quality assurance reviews for The IIA, and inspector general for the University of North Florida in Jacksonville. She also worked in internal audit for Prudential Insurance Co. for more than nine years in both the insurance and financial services. Ian Peters has served as CEO of the Chartered Institute of Internal Auditors since 2009. He was previously director of external affairs at the Engineering Employers Federation (EEF) from 2001 and before that deputy director general of the British Chambers of Commerce. He also worked for the Confederation of British Industry leading work on small and medium enterprises and for international PR agency Burson- Marsteller. Peters is a currently a member of the Advisory Panel of the UK Chartered Banker Professional Standards Board and has served on a number of government committees. In 2015 Peters was awarded an MBE for services to regulatory reform and in recognition of his work as a member of the Government's Regulatory Policy Committee (RPC).

Monday March 7, 2016 3:15–4:15 P.M. CS 3-1 Privacy in Audit: Panel Discussion Moderator: JoAnn C. Stonier Executive Vice President Information Governance and Chief Privacy Officer MasterCard Worldwide and IAPP Panelists: David Hale CPO and Associate General Counsel

TD Ameritrade Zoe Strickland Managing Director, Global Chief Privacy Officer JP Morgan Chase & Co. In this session, participants will:

Discuss the chief privacy officer’s role in managing data protection and customers’ privacy concerns.

Learn how organizations are recognizing the need to better manage privacy and examine how they handle data within the organization as a whole.

Explore potential consequences of breaches in terms of reputation and lost revenue.

Hear from a panel of global financial experts on the current challenges of privacy issues and how they protect their customers and their brands.

David Hale supervises the legal aspects of both the intellectual property and data protection functions for the company. He is also the chair of the Securities Industry and Financial Markets Association (SIFMA) Privacy Subcommittee and a member of the Publications Advisory Board for the International Association Of Privacy Professionals. Hale served as adjunct professor at the University of Baltimore School of Law teaching courses on media and intellectual property where he co-wrote Snake-Oil Security Claims: the Systematic Misrepresentation of Product Security in the E-Commerce Arena for the Michigan Telecommunications and Technology Law Review, Vol 9. JoAnn Stonier is responsible for privacy compliance and information governance including identifying MasterCard’s data strategy as an element of the company’s product and business strategy, and for privacy and data protection compliance and regulatory engagement. In addition to her work at MasterCard, Stonier is an adjunct professor at Pratt Institute where she teaches business strategy and international business in the Design Management Master’s program. She is recognized as an expert in the field of financial privacy and is on the Board of Directors of the International Association of Privacy Professionals, currently serving as treasurer. Zoe Strickland is responsible for domestic and global privacy compliance at the company enterprise level, including its privacy policies, procedures, governance, strategy, training, and administration. Previously, she served as the vice president, chief privacy officer for UnitedHealth Group and for Walmart Stores Inc. Strickland serves on the Advisory Board of the Future of Privacy Forum and several other cross-industry organizations. She previously served on the Board of Directors for the International

Association of Privacy Professionals (IAPP). Strickland is a frequent speaker at industry conferences and events, has testified before subcommittees of the House Energy and Commerce Committee, and has been quoted in numerous national and trade media sources. CS 3-2 Professional Skepticism and Critical Thinking Skills for Internal Auditors Patricia K. Miller, CIA, QIAL, CRMA Partner (Retired) Deloitte & Touche LLP In this session, participants will:

Understand the requirements for professional skepticism and how to think critically throughout an audit.

Identify frameworks that facilitate professional judgment and critical thinking.

Discuss how, when, and why critical thinking is used during internal audit phases including interviewing, planning, risk assessment, and evaluating results.

Patty Miller is an experienced internal audit professional with expertise in governance, risk management, and internal control, and significant consulting and managerial experience in finance, accounting, internal auditing, and risk management. Miller worked with Deloitte & Touche for 14 years before founding her own consulting firm, PKMiller Risk Consulting, LLC. She has been active in global leadership roles with The IIA and currently serves as chairman of the International Internal Audit Standards Board. Miller is a frequent speaker on governance, control and risk management topics, and has co-authored research projects and articles for The IIA Research Foundation and Internal Auditor magazine. CS 3-3 Leveraging Your Full Toolbox to Develop World-Class Audit Talent Karen C. Begelfer, CIA, CRMA Chief Audit Executive Sprint In this session, participants will:

Discuss a variety of methods available to CAEs to help their teams grow their skills.

Explore innovative approaches to teaching and learning using case study examples.

Hear how to integrate the techniques to develop a comprehensive audit learning and development program.

Karen Begelfer leads the internal audit function including corporate audit, retail audit, and ERM. Prior to Sprint, she served as vice president and chief auditor of Payless Holdings, responsible for the international corporate audit team, the ERM function and the sustainability initiative. Prior to Payless, Begelfer was a director of internal audit at The Home Depot, directing audits in the finance and shared services areas, including Sarbanes-Oxley testing. Previously, she delivered post-deal integration services at PricewaterhouseCoopers and was a member of the corporate audit staff at General Electric. CS 3-4 The Future of Big Data Risk Analytics and Obsoletion of the Traditional Internal Auditor Dan Zitting Chief Product Officer ACL In this session, participants will:

Define the people, process, and technology steps to take in maturing to a data-centric approach to audit and risk management.

Describe the distinction between traditional data mining audit analytics and forward-looking risk analytics, and understand how both fit into an effective program.

Review case studies of what worked and what didn’t at leading organizations shifting to a data-driven approach to audit and risk.

Dan Zitting is responsible for product management, design, and user experience for ACL’s software products. His previous experience was in the audit, risk and assurance industry. After working for several years at Ernst & Young, he co-founded a CPA firm that provided audit services to a global clientele and during which, he developed a web- based software for auditors which eventually led to the launch of a company that was acquired by ACL. Zitting is a three-time winner of the CPA Practice Advisor magazine’s 40 under 40 and Readers’ Choice awards. CS 3-5 CBOK: G.R.E.A.T Ways to Motivate Your Staff

Douglas Anderson, CIA, CRMA Managing Director, CAE Solutions The IIA In this session, participants will:

Align personal goals of internal auditors to internal audit department goals and the organization’s strategies. (Goal-Setting)

Identify talent amidst changing needs of internal audit and the business. (Recognizing)

Build capability and capacity for internal audit overall and individually. (Equipping)

Evaluate internal auditors against overall internal audit department performance. (Assessing)

Provide incentives and recognition to motivate internal auditors. (Treating) Doug Anderson recently joined The IIA after serving as an executive in residence and assistant professor of accounting and finance at Saginaw Valley State. Until 2013 Anderson worked with The Dow Chemical Company for 22 years. His roles at Dow included 16 years in internal audit (9 years as CAE), a global finance director in corporate controllers supporting acquisitions, divestitures, and joint ventures, and the finance leader for the global Dow latex business. Previously he spent 10 years with PriceWaterhouseCoopers. CS 3-6 In Conversation With… Building an Adaptive Internal Audit Function Lisa Lee Director, Internal Audit Google, Inc. Princy Jain, CIA, CCSA, CRMA Partner PwC In this session, participants will:

Discuss how to build a dynamic, flexible, and adaptive internal audit function.

Learn ways to respond to the changing needs of the business, control environment, and stakeholder expectations.

Explore alignment of internal audit resources and the mindset required to make this adaptive internal audit function style work.

Lisa Lee leads internal audit and portfolio risk management at Google where she established the Sarbanes-Oxley compliance program and internal audit function. Before joining Google, Lee held positions at other technology companies such as Cisco Systems, and worked in tax and audit at KPMG. Princy Jain has more than 20 years of experience serving technology-sector companies and has spent the past 10 years serving public and venture-backed companies by providing his expertise within internal audit, Sarbanes-Oxley compliance, risk management, and related consulting services across a range of industries including semiconductor, electronics, consumer electronics, internet, software, and more. Jain is an active public speaker on topics including internal audit, Sarbanes-Oxley, and more, and has contributed as a co-author on several guidance publications produced by The IIA. He is an active volunteer at The IIA, serving on The IIA’s North American and Global Boards. He also serves on the Northern California’s Board of Ascend, an organization dedicated to leveraging the leadership and global business potential of Pan-Asians.

Monday March 7, 2016 4:30–5:30 P.M. CS 4-1 Audit Considerations for Cloud Environments Jason Sechrist Director, Global IT Audit Rackspace Remi Nel, CIA Manager, Global IT Audit Rackspace In this session, participants will:

Understand how and why risks are different in the cloud.

Explore audit activities to identify risks specific to a cloud environment.

Discuss Service Level Agreement (SLA) requirements that internal auditors should engage with cloud service providers early on in their organization’s procurement/design phase.

Jason Sechrist has responsibility for developing and executing on a risk-based global IT audit plan for Rackspace’s global footprint of data centers and office locations across the Americas, Europe, and Asia. Prior to joining Rackspace, he was with PwC working with internet and cloud service provider clients, interacting directly with CTOs, CISOs, compliance managers, and system engineers. His dynamic background includes leading the system life cycle of global aviation weather visualization software as a service for the United States Air Force. Remi Nel has responsibility for managing the execution of a risk-based global IT audit plan for the organization. Prior to joining Rackspace, Nel was with Ernst & Young working with banking, insurance, and IT hosting clients. He has delivered training presentations on cloud computing and Software-as-a-Service (SaaS), educating and creating awareness among audit professionals on the benefits and risks with technology. CS 4-2 Evaluating Internal Audit’s Working Relationship With Management Mary-Margaret Henke SVP, General Auditor Western Union Guy Cornelius, Ph.D. Founder and President Vine Street Consulting, Inc. In this session, participants will:

Explore definitions of "working relationship."

Identify common struggles to obtaining valuable and actionable feedback from management or the functions being audited.

Discuss a practical and effective approach to evaluating the quality of the working relationship between internal audit and management.

Review process to obtain feedback and create deliverables. Guy Cornelius is a consultant and coach to senior executives, specializing in leadership development, team building, organizational performance, and executive selection and founded his company in 2001. Since 1988, he has worked with a wide variety of organizations and industries, domestically and internationally, and currently serves as board chair of Warren Village, a 93-unit transformational housing facility that assists single mothers in achieving personal and financial self-sufficiency.

Mary-Margaret Henke has nearly 25 years’ experience in the auditing, accounting, and risk functions for financial services firms. She joined Western Union in 2007, overseeing the global internal audit function providing audit, compliance, and risk management guidance. Henke has also led various CFO strategic initiatives including Oracle and Wall Street-system implementations, ERM as well as acquisition/integration activities. Prior to joining Western Union, Henke was the general auditor for Janus Capital and the assistant controller at CoBank, a $30 billion bank in the farm credit system, managing the corporate accounting, investment and derivative accounting, financial reporting, and tax units of the controller division. She began her career with PricewaterhouseCoopers LLP and spent 10 years specializing in financial services. CS 4-3 The Stay Interview Richard Finnegan Chief Executive Officer C-Suite Analytics In this session, participants will:

Discuss the “secret sauce” to keeping and engaging valued team members.

Develop the top 4 skills for conducting stay interviews.

Learn the 5 key questions that must be included.

Identify sure-fire ways to surface each employee's most important issues. Dick Finnegan is recognized by executives in human resources management as a leading thinker and adviser on strategies and tactics to retain valuable employees. Finnegan is author of four top-selling books including The Power of Stay Interviews for Engagement and Retention, which is the top-selling book in the Society for Human Resources Management’s history. He has written other books, including Rethinking Retention in Good Times and Bad, The Stay Interview: A Manager’s Guide to Keeping the Best and Brightest, and HR’s Greatest Challenge: Driving the C-Suite to Improve Employee Engagement and Retention.

CS 4-4 What Does the Audit Committee Expect From a State of the Art Audit Department? Larry Hubbard, CIA, CCSA Principal Larry Hubbard & Associates In this session, participants will:

Identify categories in which audit committees have pigeon-holed areas of business.

Discuss those categories and internal audit’s place and abilities to contribute within each.

Explore how the maturation of controls within an organization affect internal audit’s ability to contribute meaningfully.

Larry Hubbard is a professional trainer and consultant with a broad background in accounting, auditing, and finance. Prior to founding Larry Hubbard & Associates, his work experience included Mobil Corporation and EY. In addition to conducting his own training seminars, Hubbard frequently conducts training for other associations, such as The IIA. CS 4-5 Does Your Board of Directors Know the Maturity of Your Risk Management Capabilities? Brian Christensen Executive Vice President, Global Internal Audit Protiviti Jim Werner Vice President of Internal Audit Hyatt In this session, participants will:

Discuss at what stage of maturity an organization’s risk management capabilities are, both for the enterprise as a whole and for the most critical risks.

Debate whether an organization’s risk responses to address individual risks reflect a careful assessment of the appropriate capabilities needed to reduce risk to an acceptable level.

Evaluate whether our risk management capabilities require improvement and if so, talk about plans to take them to the next level of maturity.

Ask important questions about over-reliance on individuals to manage the most critical risks, therefore risking exposure in the event of an unexpected departure or termination.

Brian Christensen is a member of Protiviti’s executive leadership team and is the current global leader of the firm’s Internal Audit and Financial Advisory Solution. In this role, he is responsible for the development and execution of Protiviti’s internal audit products. Christensen has more than 25 years of experience in helping clients increase the value of their internal audit function. He is a frequent speaker on auditing and risk topics at national conferences. Jim Werner joined Hyatt Hotels Corporation in 2007 to help transform the internal audit department in anticipation of the company’s IPO. In his current role, he is responsible for Hyatt’s enterprise audit function (including corporate, IT, and hotel audit activities), and the Sarbanes-Oxley testing program. Werner also chairs the company’s Global Risk Council. He began his career at Arthur Andersen and took on roles of increasing responsibility, eventually becoming the chief audit executive at Andersen Consulting (Accenture) and then Hewitt Associates before joining Hyatt. CS 4-6 In Conversation With.. Talent Management Cassian Jae Financial Services Center Director The IIA Mark Carawan, Ph.D. Chief Auditor Citigroup In this session, participants will:

Discuss recruiting, developing, and retaining a top performing team.

Share thoughts on tools for attracting and retaining subject matter experts, with not only the audit skills but also the soft skills necessary for effective stakeholder interaction.

Examine how CAEs can present talent with new challenges and opportunities for development while still getting through the audit plan.

Cassian Jae is the director of The IIA’s Financial Services Audit Center, which launched in June 2015. He is responsible for the Center’s content and operations. Prior to joining The IIA, Jae was a compliance director at John Hancock Investments implementing enterprisewide compliance, legal, and audit initiatives. Mark Carawan joined Citigroup in 2011 as Citigroup chief auditor and managing director responsible for the internal audit department. He is now responsible for internal audit’s delivery of assurance on governance, risk management, and control across Citigroup globally to executive management and the board. Prior to joining Citi, Carawan served as chief internal auditor for Barclays Group where he led a major transformation of their internal audit function. Previously, he served as managing partner responsible for enterprisewide assurance to wholesale financial services institutions at Deloitte (UK). Prior to joining Deloitte, Carawan was managing partner for Andersen’s global Privatisation and Emerging Markets practice with responsibility for overseeing business activities in more than 50 non-OECD countries. He is president of the Chartered Institute of Internal Auditors (IIA–United Kingdom and Ireland).

Tuesday March 8, 2016 8:30–9:45 A.M. GS 3 When Culture Is the Culprit Richard Chambers, CIA, QIAL, CGAP, CCSA, CRMA President and CEO The IIA In this session, participants will:

Explore the attributes of strong organizational cultures.

Focus on the role of internal audit in fostering a healthy ethical climate.

Debate internal audit’s role in assessing culture.

Identify the dilemmas facing internal audit in unhealthy cultures. Richard F. Chambers has more than four decades of internal audit and related experience. Previously, Chambers was national practice leader in Internal Audit Advisory Services at PricewaterhouseCoopers; inspector general of the Tennessee Valley Authority; deputy inspector general of the U.S. Postal Service; and director of the Army Worldwide Internal Review Organization at the Pentagon. He currently serves on the COSO Board of Directors, International Integrated Reporting Council (IIRC), and IIA Board of Directors. Previously, he served on the U.S. President’s Council on

Integrity and Efficiency; Audit Board of the City of Orlando, Fla.; IIA Internal Audit Standards Board; and IIA North American Board. Chambers received the Association of Government Accountants (AGA) Frank Greathouse Distinguished Leadership Award and the National Association of Black Accountants (NABA) Legacy Award. Accounting Today named him one of the Top 100 Most Influential People in Accounting as well as one of 10 tweeters worth following. The National Association of Corporate Directors (NACD) named him one of the most influential leaders in corporate governance. In 2014, Chambers authored the award-winning book, Lessons Learned on the Audit Trail.

Tuesday March 8, 2016 10:15–11:15 A.M. CS 5-1 A Unified Framework for Managing Information Technology & Security Risks Eric Allegakoen, CIA, CSSA, CRMA Vice President and Chief Audit Executive Adobe Systems In this session, participants will:

Understand the IT and security risks facing organizations today.

Appreciate the need for internal auditors to play a greater role in managing IT risks.

Review the unified approach at Adobe to auditing IT risks

Leveraging GRC technology for sustained compliance and assurance. Eric Allegakoen has more than 25 years’ of global experience in auditing and assurance services gained both in professional services and in industry. Allegakoen serves on The IIA’s Global and North American Boards of Directors. CS 5-2 Effective Board and Audit Committee Communications – Perspectives Mike Cronin Director Deloitte & Touche LLP. Melissa Jolly, CIA, CRMA Senior Manager Deloitte & Touche LLP. Ronald Steger

Chairman, Governance and Risk Assessment Committee Overseas Shipholding Group In this session, participants will:

Outline the current challenges facing board and audit committee members.

Examine how the roles and responsibilities of governance members have changed over the years.

Share suggested practices on how to improve communications with governance members.

Walk through tools, templates, and examples that have proven effective. Melissa Jolly has nearly 15 years of operational auditing experience, with the past eight years focused on life sciences and health care organizations. This work includes managing large, multi-location, financial, operational, and IT audits for both private and public companies. She manages both cosourcing and outsourcing internal audit arrangements with clients and is responsible for overall engagement quality and board level presentations. Jolly has experience performing both quality and strategic assessments of internal audit functions, helping the functions better align with management’s expectations with a continued focus on compliance with IIA Standards. She has also successfully coordinated enterprisewide risk assessments (EWRA) and facilitated workshops with executive teams and senior management to identify and assess inherent and emerging risks. Jolly has also served as a key liaison for communication channels critical to the successful EWRA structure. Mike Cronin has more than 21 years of internal audit and accounting experience with “Big Four” accounting firms, and now works exclusively serving the company’s health care provider clients. He is responsible for the day-to-day execution of co-sourced and outsourced internal audit relationships, including developing annual internal audit plans, developing project objective and scope documents, supervising internal audit teams, coordinating the use of specialty resources on projects, preparing project reports and deliverables, presenting project results to management, and interacting with senior management and the audit committee. Cronin works with the firm’s health care clients in implementing ERM solutions. Ron Steger also serves as a member of Overseas Shipholding Group’s audit committee. He is the senior technical adviser at The Effectus Group, a boutique accounting advisory firm. Steger was an audit partner with KPMG serving as both a US SEC reviewing partner and IFRS reviewing partner, two senior positions at the firm. He also served as the global head of the firm's semiconductor practice and was the US national director for Electronics.

CS 5-3 Team Management in Internal Audit Gregory Jordan, CIA, CRMA Senior Vice President, Office of Internal Audit Nationwide Insurance Paul McDonald Senior Executive Director Robert Half In this session, participants will:

Discuss CBOK report findings that highlight the areas in need of the greatest improvement for today’s internal auditors.

Identify ways managers can help their teams shore up in-demand skills.

Learn proven professional development strategies.

Explore how internal audit leaders can work with external hires and subject matter experts to hone their employees’ abilities.

Greg Jordan began his career at Nationwide in 2001 and has served in several business and finance leadership roles. In his current role, Jordan is responsible for reviewing and communicating the results of internal audit work and serves as a business partner/strategic advisor on various business cabinets. He previously held the positions of vice president and CFO, exclusive channel western operations, and vice president of product management for Nationwide Financial's fixed and offshore annuities. Prior to joining Nationwide, Jordan worked for six years at Midland Life Insurance Company/Swiss Re as vice president of operations and controller. He began his career with Ernst & Young for 11 years and was a senior manager in the insurance and financial services practice group. Paul McDonald has advised thousands of company leaders and job seekers on how to hire and get hired over the course of more than 30 years in the recruiting field. In addition to serving as Robert Half’s chief spokesperson, McDonald directs the company’s management training and on-campus recruiting programs. He oversees strategic partnerships with professional trade, student, and diversity organizations and runs the firm’s veterans’ outreach initiatives. McDonald has served on Robert Half’s executive steering committee since 2003. He joined Robert Half in 1984 as an accounting and finance recruiter and later assumed roles in branch and regional management. In the 1990s, he was appointed as president of the company’s Western United States region. From 2000 to 2012, McDonald served as senior executive director

of Robert Half Management Resources. In addition to overseeing the global growth of this business unit, he also led the legal, creative, and technology staffing divisions. McDonald took a prominent role in integrating Protiviti into the company when the subsidiary was formed in 2002. He assumed his current role in 2012. Prior to joining Robert Half, McDonald worked for Price Waterhouse. He writes and speaks frequently on hiring, workplace, and career management topics, has been quoted in major global media outlets, and hosts webinars and presents thought leadership on employment issues. McDonald co-authored whitepapers including Benchmarking the Finance Function with Financial Executives International, and Succeeding as a 21st Century Internal Auditor: 7 Attributes of Highly Effective Internal Auditors with The IIA. McDonald serves on the Board of Trustees at Saint Bonaventure University. CS 5-4 Helping Your Company Save Millions While Automating Your Audit Testing Rich Lanza President Cash Recovery Partners, LLC In this session, participants will:

Learn to tailor a prioritized plan for cost savings, with no budget required, using a variety of easy-to-implement cost recovery/saving initiatives.

Discover how to assess and overcome obstacles to starting a cost savings review.

Recognize how cost recovery can support any Sarbanes-Oxley or other control testing plan, supplementing existing staff at no cost.

Review cases in which such cost-cutting reviews also became effective fraud fighters.

Rich Lanza has nearly 25 years of internal and external audit experience specializing in data analytics and cost recovery efforts, while becoming a leading authority in these areas, having worked for companies ranging in size of $30 million to $100 billion helping them find value/cash savings through the use of technology and recovery auditing. He has written more than 20 publications, educational training videos, and over 100 articles on the practical use of technology in an audit setting. Lanza has been awarded by the Association of Certified Fraud Examiners for his research on proactive fraud reporting. CS 5-5 Reaping the Benefits of an Effective Quality Assurance and Improvement Program

Moderator: Joyce Vassiliou Quality Services Director The IIA Panelists: David Bayles, J.D., CIA Vice President Mylan Margaret Ulvi Director of Internal Audit Fannie Mae Mark Dunham Vice President, Internal Audit & Advisory Services Qualcomm Incorporated In this session, participants will:

Discuss why many internal audit functions struggle with implementing a quality assurance and improvement program (QAIP) and are unable to meet the requirement of an external assessment every five years.

Understand the value of a timely external quality assessment.

Identify the key challenges in establishing a robust QAIP and examples of critical success factors for an effective QAIP.

Receive advice and guidance for new CAEs and/or small audit functions on developing a QAIP.

David Bayles has served in his role since April 2010. For 17 of the past 20 years, he has worked in compliance, audit, or control functions in the oil and gas, automotive, manufacturing, and pharmaceutical industries. Prior employers include Ford Motor Company, Delphi Automotive (the former General Motors parts subsidiary), and Koch Industries. Margaret Ulvi has 16 years of internal and financial statement audit experience. She leads Fannie Mae internal audit's professional practices group, responsible for the department’s annual audit planning and risk assessment process, development and

management of internal audit reporting to Fannie Mae leadership and the board of directors, and management of the department’s audit methodology, quality assurance and improvement processes, and other professional practice activities. Previously, Ulvi was responsible for audits of various Fannie Mae business areas, and she performed financial statement audits of banks and employee benefit plans prior to joining Fannie Mae. Mark Dunham joined Qualcomm in 2012 as CAE. Prior to that, he held numerous leadership positions at IBM in accounting, finance, internal audit, and business operations. During his tenure at IBM, he served in numerous key executive roles including vice president of hardware product management transformation, general auditor, assistant corporate controller, director of business transformation, director of internal audit and business controls, director of financial planning for IBM's Asia Pacific headquarters, and CFO of IBM Japan General Business Company. Joyce Belsom-Vassiliou brings a wealth of international knowledge gleaned from 20 years of experience in the internal audit profession. As a former head of internal audit with Coca-Cola Hellenic, she led a global internal audit team. Earlier, Vassiliou was a senior audit manager in the Athens, Greece, office of Deloitte & Touche, where she led the internal audit function for an international group of 26 companies with operations in oil refining, shipping, commercial real estate development, and airline ground services. Prior to Deloitte, Belsom-Vassiliou was an audit manager with EY, also in Athens, where she led and managed multiple internal audit engagements for financial institutions. She was a member EY’s international coaching team for internal audit tools and methodology. Belsom-Vassiliou has vast experience building and leading internal audit teams, operating across multiple cultures and countries. CS 5-6 Auditing Strategically: Ensuring Effective Risk Assessment for Your Organization Greg Grocholski Vice President, Chief Audit Executive SABIC William Michalisin Executive Vice President & Chief Operations Officer, North America The IIA In this session, participants will:

Define internal audit’s value as a strategic, trusted adviser to its stakeholders.

Explore prioritizing audits based on a business unit’s impact to the business.

Identify the attributes associated with auditing strategically.

Understand the opportunities associated with internal audit’s role within the organization.

Discuss strategies and tactics to enhance internal audit’s strategic role. Bill Michalisin joined The IIA in 2013 as chief marketing officer leading all brand, marketing, communications, sales, and relationship enablement strategies across all global IIA channels. In 2014, his role was expanded to include oversight as the executive director of The IIA’s Research Foundation, and last year he assumed the role of interim chief officer for global operations with oversight of Certifications, Professional Practices, Advocacy, Institute Relations, and the International Conference. In his current role, Michalisin leads core services offered to IIA members throughout North America, including Membership, Chapter Relations, Conferences, Learning Solutions, Advocacy, and Professional Services. He also serves as president of the Internal Auditing Academic Advancement Fund (IAAAF) and manager of IIA Quality Services LLC. He continues to oversee Marketing, Sales & Communications, Business Development & Partnerships, and Publications. Prior to joining The IIA, Michalisin was industry marketing leader for consumer and industrial products at Deloitte, which included responsibilities for cross-functional delivery within aerospace and defense, automotive, consumer products, process and industrial products, retail and distribution, and travel, hospitality, and leisure sectors. Earlier in his career, Michalisin was a business strategy and process consultant at both Deloitte Consulting and Accenture, providing consulting services to clients in media and entertainment, consumer products, manufacturing, and financial services. Greg Grocholski is responsible for leading and managing the internal audit department on a global level, to ensure the implementation of internal audit best practices worldwide, as well as to coach the company’s internal audit employees to maximize their contributions to achieving the company’s objectives. Grocholski is internationally respected in the audit field and is affiliated to ISACA, for which he has served in various leadership roles. Prior to SABIC, Grocholski attained an impressive track record in the global chemicals industry with more than 30 years of service at The Dow Chemical Company. He achieved numerous promotions in the audit and finance functions, most recently holding the posts of CAE and global director of business finance.

Tuesday March 8, 2016 12:30–1:30 P.M. CS 6-1 The Role of Internal Audit in Mitigating Cybersecurity Risks Raj Chaudhary Principal Crowe Horwath LLP Raj Nagarajan, CFSA, CRMA Chief Audit Executive Wintrust Financial Corporation In this session, participants will:

Learn how successful cybersecurity strategies must include the essential role of internal auditing.

Identify effective approaches to address cyber threats.

Explore key components of a robust tactical plan to support the overall strategy.

Discuss metrics and reporting approaches.

Review scenarios that illustrate internal audit’s value. Raj Chaudhary has more than 30 years’ experience in the field of information systems. In addition to his role with Crowe Horwath, he serves as senior vice president of risk consulting at CHAN Healthcare. He has been the global solution lead for cybersecurity solutions since 2006 and has presented at industry meetings around the world on this topic. Raj Nagarajan has over 25 years' of internal audit experience in the financial services industry. He has served as the CAE at Wintrust Financial Corporation for the past 12 years. Prior to Wintrust, Nagarajan worked for First National Bank of Chicago, Bank One, and J.P.Morgan Chase in various capacities. CS 6-2 Auditing 2020: Taking Audit to the Next Level Karl Erhardt Chief Audit Executive MetLife

In this session, participants will:

Share tips on how to cope with the rapid pace of change impacting internal audit.

Find out how to deal with the explosion of data affecting today’s businesses and turn it to your advantage using data analytics.

Identify skill sets auditors need to learn to be effective in 2020 and beyond.

Learn how MetLife is preparing its auditors to be auditors of the future. Karl Erhardt manages a worldwide team of more than 300 audit professionals who are responsible for providing objective evaluations and advice on MetLife’s system of internal controls. Erhardt has more than 25 years of experience in accounting and operations for insurance, asset management, structured finance, capital markets, and derivatives. Before joining MetLife, he was vice president of internal audit for Ambac Financial Group. CS 6-3 Leveraging Diverse Backgrounds of Team Members for Greater Success Marty Gurry, CIA Audit Director Meijer In this session, participants will:

Review the pressures suggesting a need to consider team diversity.

Explore dimensions of diversity – these aren’t the bullets from your last mandatory HR training.

Discuss the implications of identified needs.

Practice using tools to assist in identifying gaps between the needs of the audit function and the profile of the existing team.

Marty Gurry has been in the audit profession for 18 years and has been the director at Meijer for the last 4 years. He has organized and led teams around the world. Gurry has presented on a variety of topics at professional industry events including fraud, problem- solving, and business resiliency. CS 6-4 Relationships & Risk: Initial Insights from North American Stakeholders Brian Christensen Executive Vice President, Global Internal Audit Protiviti

Douglas Anderson, CIA, CRMA Managing Director, CAE Solutions The IIA In this session, participants will:

Learn how internal auditors are doing on the fundamentals, based on results from the 2015 Global Internal Audit Common Body of Knowledge stakeholder study.

Discover what kind of information stakeholders want beyond assurance from auditors.

Explore stakeholders’ opinions on the auditor’s role and scope of that role in the area of strategic risks.

Discuss how to prioritize competing demands while addressing stakeholders’ expectations.

Brian Christensen is a member of Protiviti’s executive leadership team and is the current global leader of the firm’s Internal Audit and Financial Advisory Solution. In this role, he is responsible for the development and execution of Protiviti’s internal audit products. Christensen has more than 25 years of experience in helping clients increase the value of their internal audit function. He is a frequent speaker on auditing and risk topics at national conferences Doug Anderson recently joined The IIA after serving as an executive in residence and assistant professor of accounting and finance at Saginaw Valley State. Until 2013 Anderson worked with The Dow Chemical Company for 22 years. His roles at Dow included 16 years in internal audit (9 years as CAE), a global finance director in corporate controllers supporting acquisitions, divestitures, and joint ventures, and the finance leader for the global Dow latex business. Previously he spent 10 years with PriceWaterhouseCoopers. CS 6-5 Clarifying the Role of Internal Audit in Enterprise Risk Management Charles T. Wright, CIA VP, Internal Audit Devon Energy In this session, participants will:

Learn how to break ERM down into simple and practical activities/

Understand how to apply the Three Lines of Defense model to various ERM activities

Evaluate strengths and weakness of the infamous (but aging) “Fan Diagram.”

Discover practical ways to perform an ERM assessment at your organization.

Get tools and review lessons-learned from a successful assessment. Charlie Wright oversees internal audit activities at one of the world's leading independent oil and gas exploration and production companies. Prior to joining Devon in 2005, he served as general auditor at American Airlines. CS 6-6 In Conversation With..Taking Control of Internal Control Cindy Fornelli Executive Director Center for Audit Quality (CAQ) Hal Garyn, CIA, CRMA Chief Officer of Strategy & Development The IIA In this session, participants will:

Hear about the latest developments associated with effectively addressing Internal Controls over Financial Reporting (ICFR), to include: o PCAOB inspections and implications. o Implications of the U.S. Chamber of Commerce, PCAOB, and SEC

interactions. o What external audit firms are doing. o The role of the audit committee. o What CAEs should be doing.

Cindy Fornelli has served in her position since the CAQ was established in 2007. In 2015, she was honored for the seventh time by Directorship magazine as one of the 100 most influential people on corporate governance and in the boardroom. Accounting Today has named her one of the 100 most influential people in accounting for nine consecutive years. Fornelli currently serves on the Financial Accounting Standards Advisory Council, the Advisory Board of the Ira M. Millstein Center for Global Markets and Corporate Ownership, the U.S. Securities and Exchange Commission Historical Society’s Board of Trustees, the Audit & Risk Oversight Committee Advisory Council of

the National Society of Corporate Directors, and the Accounting and Auditing Committee of the International Corporate Governance Network. Prior to joining the CAQ, Fornelli was the regulatory and conflicts management executive at Bank of America and the deputy director, division of investment management of the Securities and Exchange Commission. Hal Garyn joined The IIA in 2010 and led the launch of Audit Executive Center, development of The IIA’s Washington, D.C. advocacy strategy, and oversaw a global task force to assess the future direction of the IPPF. He served as vice president of professional services/practices before being promoted to his current role in 2015. In this role, Garyn leads strategic planning for the organization, including global capacity development and strategic relationships. He also provides oversight for business planning and risk management, global advocacy, and global thought leadership. Garyn’s 33-year professional career has focused on the financial services industry, emphasizing the disciplines of risk management, internal audit, strategic planning, mergers and acquisitions, investor relations, and corporate governance. Garyn previously served on The IIA’s Global Board as its Audit Committee chairman and was a member of the Global Ethics Committee, the Global and North American Nominating committees, and the North American Board. He also was an officer and/or director of four different IIA chapters in the United States.

Tuesday March 8, 2016 1:45-2:45 P.M.

CS 7-1 Why Traditional Security Audits Look Like Swiss Cheese Aaron Kerr Director ClearView Consulting Jim Sipe Senior Manager of IT Security Services Clearview Consulting In this session, participants will:

Understand the high level root cause of recent security breaches and be able to correlate that to their business/industry.

Discuss the limitations of existing audit techniques to adequately address current

security threats.

Review the limitations of compliance audits and traditional security audits to accurately articulate risk and provide management an understanding of an organizations current security posture and likelihood of a security breach.

Be able to more effectively communicate the real business impact of IT security audit results and to C-level executives and the audit committee.

Aaron Kerr brings experience, a strong technical skillset, and an ability to communicate technical results within a business context to his clients ranging from local to not-for- profit organizations to the Fortune 50. He has expertise in IT audit, IT risk management, regulatory compliance, process improvement, ISO readiness and compliance, IT security reviews, and special projects. Kerr focuses on leading co-sourced and outsourced internal audit projects that include IT risk assessments, IT internal controls reviews, IT infrastructure reviews, and IT applications reviews. He began his career at Protiviti as a technical risk consultant developing a knowledge base of business process areas including logistics, AP/AR processing and financial management strategies with clients in the energy/utilities, manufacturing, financial services, and government contracting industries. Kerr also gained experience at Constellation Energy Group, where he led their IT and regulated utility audit teams, responsible for managing the audit portfolio for both IT and Baltimore Gas & Electric. Jim Sipe is a Certified Information Systems Auditor (CISA) and is a professional member of the Institute for Internal Auditors (IIA), Information Systems and Audit Control Association (ISACA) and National Incident Management (NIMS) 100 and 700 certifications through FEMA and the Department of Homeland Security. Jim holds a Bachelor of Science in English from Millersville University. Jim has held leadership roles in both IT Audit and IT Security in the manufacturing, banking, and leasing industries in more than 35 countries across North and South America, APAC and EMEA. Jim has acted as an advisor on Legal, Forensic, and International Laws and Data Governance including International Safe Harbors, EU privacy laws, and country-specific legal restrictions in China, Russia and the Middle East. He has also led, scoped, and performed audits and the implementations of standards for SOX, SOC II, HIPAA, GRC, COBIT, COSO, ISO, PCI, CC, PRINCE2, KT Project Management, ITIL, GTAG, ITGI, DHS-RBPS, and NIST. Jim has successfully directed work on major projects including multinational data center implementations and consolidations, disaster recovery/BCP, network consolidation design, telecommunications design, evaluation, and implementation. In Jim’s 10+ years in IT Security, Compliance, Governance, and Audit in both the public and private sectors, he became an expert in the field and now serves as Senior Manager of IT Security Services at ClearView. He leads engagements that identify, evaluate and report on information security risks that meets compliance and

regulatory requirements, and aligns with and supports the risk posture of the client. CS 7-2 2016 State of Internal Audit Profession Jason Pett Partner PwC James Hunt Audit Committee Chair Children's Hospital of Los Angeles Katherine Findlay Vice President, Internal Audit Southwest Airlines Robert Herz Audit Committee Chair Morgan Stanley Sean Torcasi Partner PwC In this session, participants will:

Discuss findings from the most recent of PwC’s State of the Internal Audit Profession study.

Explore trend data and its potential impact on today’s internal auditor.

Compare this study’s findings with previous years.

Identify perspectives on what internal audit functions can do to enhance their effectiveness while supporting stakeholders in their achievement of broader organizational objectives.

Jason Pett is a leader in the Risk Assurance practice and has been delivering external audit and internal audit services for more than 20 years. His extensive experience also includes providing enterprisewide risk assessments and efficient, risk-based internal audit plans to leading global and national organizations in a variety of industries. Pett has assisted organizations in the design of start-up internal audit functions as well as working with companies to transform existing internal audit functions into value added,

risk based, and strategically aligned functions. He helped conceptualized and develop the first Risk Assurance Innovation Center, a hub for planning, developing, and executing new ideas and emerging solutions to enhance service delivery and address clients’ complex emerging risks, business issues, and operational challenges. Pett is a co-author of PwC's annual Risk in Review and State of the Internal Audit Profession studies. He is also is a frequent speaker on the topics of compliance, internal audit, risk management, and control. Katherine Findlay joined SWA’s internal audit group in 1993 before moving into the finance organization as director of maintenance finance and budgets. Since that time, she has led both financial and operational groups, and returned to internal audit, which champions compliance and offers practical solutions to improve business operations and assist in corporate governance, in 2010. Findlay has received SWA’s prestigious “Leading by Example” and “Winning Spirit” awards. Prior to joining SWA, she was a financial auditor at Ernst & Young. Findlay is member of the University of Texas at Dallas (UTD) Internal Audit Education Partnership (IAEP) Advisory Board as an advocate for the profession, continuing to host students and visitors as they explore careers in internal auditing. Bob Herz provides consulting services on financial reporting and other matters for clients around the world. His also serves on numerous boards of directors and board committees including Fannie Mae; Morgan Stanley, where he also chairs the Audit Committee; Workiva Inc.; itBit Trust Company; the Sustainability Accounting Standards Board; the Independent Investment Committee of UNOPS; Herz is also on the advisory boards of AccountAbility and the Manchester Business School in England, serves as an ambassador for the International Integrated Reporting Council (IIRC), and as a member of the Audit Committee Chair Advisory Council of the National Association of Corporate Directors. He is also an executive in residence and member of the faculty of the Columbia Business School and serves on the Standing Advisory Group of the U.S. Public Company Accounting Oversight Board, the Financial Reporting Faculty Advisory Group of the Institute of Chartered Accountants in England and Wales, and the Accounting Standards Oversight Council of Canada. Previously, Herz was chair of the Financial Accounting Standards Board (FASB) from 2002 to 2010 and was one of the original members of the International Accounting Standards Board. He was a partner with PricewaterhouseCoopers for many years, including serving as audit partner on numerous major companies, as head of the firm’s Corporate Finance Advisory Services, as senior technical partner, as member of the firm’s U.S. and Global Boards, and as president of the Coopers & Lybrand and PricewaterhouseCoopers foundations. He has chaired a number of professional committees, including the IFAC Transnational Auditors Committee and the AICPA SEC Regulations Committee, has served on numerous

public policy commissions, and testified at Congressional hearings. Herz was also a trustee and vice chair of the Kessler Foundation. He has authored or coauthored six books and more than 50 articles and published papers and is a frequent speaker at major financial reporting and business conferences. He is a member of the Accounting Hall of Fame. CS 7-3 Building a "Top Gun" Audit Team Chris Doxey Consultant, Internal Controls and Business Process Best Practice Doxey, Inc. In this session, participants will:

Discuss “three pillars” to help audit managers and CAEs build and enhance the performance of their staffs.

Learn to leverage leadership, communication, and timeless teamwork skills that are transportable throughout one’s career.

Explore how the concepts used by “Top Gun” fighter pilots can impact audit teams.

Lay the groundwork with an implementation roadmap. Chris Doxey spent most of her career implementing “top gun” leadership teams in her quest to fight fraud and implement internal controls at Digital Equipment Corporation, Compaq Computer Corporation, and Hewlett Packard. She held senior finance and accounting positions in which she developed and implemented standards of internal control for the procure to pay (P2P) process, financial operations, and logistics. Doxey was recruited to assist WorldCom (MCI) with the implementation of internal controls, policies, and corporate governance in 2003 and developed a program for entity-level internal controls. She also developed ethics training plans and programs, implemented delegation of authority and segregation of duties policies, and systems access controls. Doxey developed the controller's certification program for the Institute of Finance and Management (IOFM) and the certified procure to pay (P2P) professional program for PayStream Advisors. She is a published author and sought-after speaker.

CS 7-4 Managing Third Party Risk: What You Don't Know May Hurt You Alfredo Avila Senior Counsel Baxter International Graham Murphy Principal KPMG In this session, participants will:

Discover practical approaches to third-party risk management.

Identify drivers for due diligence.

Use technology-based solutions to increase efficiency and effectiveness. Alfredo Avila is responsible for compliance programs for the global enterprise and has oversight of Latin America compliance operations, developing and implementing the company’s global compliance strategy and collaborating with global business leads to establish legal and compliance programs. Avila is involved in the company’s acquisition program, including due diligence, risk assessment, and post-acquisition integration. Specifically, he has experience working to identify compliance issues, build integration plans, and execute business integration while the company was under an existing Deferred Prosecution Agreement (DOJ) and a Cease and Desist Order (SEC). He has experience presenting to the DOJ and SEC as well as board of directors, audit and finance committees, and executive leadership teams. Graham Murphy leads the KPMG Midwest forensic practice and is the company’s forensic national industry coordinator. He also leads risk consulting third-party risk management and serves as the U.S. leader for Astrus – KPMG’s third-party integrity due diligence solution – advising companies on third-party risk management programs and providing integrity due diligence services. Murphy has conducted numerous financial investigations that have included alleged earnings management, contract compliance, theft and misappropriation of assets, conflict of interest issues, and more. He has testified for the SEC, given deposition testimony in civil matters, and has appeared as an expert witness before the Ontario Court (General Division) and the Ontario Municipal Board. Murphy has an extensive background in business valuations, quantifications of damages and other financial investigations.

CS 7-5 Understanding and Managing Stakeholder Expectations Patricia K. Miller, CIA, CRMA, QIAL Partner (Retired) Deloitte & Touche LLP Patty Miller is an experienced internal audit professional with expertise in governance, risk management, and internal control, and significant consulting and managerial experience in finance, accounting, internal auditing, and risk management. Miller worked with Deloitte & Touche for 14 years before founding her own consulting firm, PKMiller Risk Consulting, LLC. She has been active in global leadership roles with The IIA and currently serves as chairman of the International Internal Audit Standards Board. Miller is a frequent speaker on governance, control and risk management topics, and has co-authored research projects and articles for The IIA Research Foundation and Internal Auditor magazine. CS 7-6 In Conversation With… Audit Committee Expectations Kathy Anderson, CRMA Managing Director, North American Advocacy The IIA Peter Gleason President National Association of Corporate Directors In this session, participants will:

Understand key priorities for audit committees today.

Address asymmetric information risk and its impact on board and audit committee work.

Discuss best practices for reaching the audit committee – what they need vs. what they get.

Talk about linking priorities – what this means, why it’s important, and how to do it.

Kathy Anderson is instrumental in designing, implementing, and coordinating The IIA’s advocacy efforts to promote and elevate the profession of internal auditing. She is responsible for the development and implementation of the Advocacy Department’s communications strategy, which informs members, leaders, and stakeholders about the profession and The IIA’s advocacy efforts. Prior to joining The IIA, Anderson had more than 20 years of experience with the Florida Institute of Certified Public Accountants, most recently in the role of CEO and Executive Director for six years. She also served seven years as executive director of the South Carolina Association of Certified Public Accountants. She is a graduate of the U.S. Chamber of Commerce’s six-year association management program, as well as the year-long Leadership Tallahassee program sponsored by the Tallahassee and Florida Chambers of Commerce. She is a past president of both the Florida Society of Association Executives Foundation and president of Tallahassee Society of Association Executives (TSAE), and received TSAE’s first Executive of the Year Award. In addition, Anderson served as president of the CPA-SEA, an organization comprising CEOs of all the U.S. state CPA societies. She was recently appointed to the Board of Trustees of the FSAE Foundation as well as serving as the Chairman of the FSAE’s membership and finance committees. Peter Gleason is a recognized expert on board leadership and corporate governance. He serves as a member of NACD’s national faculty, is regularly quoted in the national media, and is a frequent presenter on the subjects of corporate governance, executive and director compensation, risk, strategic planning, board-shareowner relations, and board evaluation. He has served as a commissioner on every NACD Blue Ribbon Commission report issued over the past 14 years, including the most recent releases on Strategy Development, Talent Development, and Board Diversity. Gleason also serves as Treasurer for the NACD Board of Directors and oversees NACD’s Research Department, which produces guidance on leading practices to enhance board performance. He is a member of the Board of Nura Health, Inc., serves as chair of The IIA’s International Professional Practices Framework Oversight Council, and is a director of the Capital Area Chapter of NACD. He was formerly a director of The Patriot Fund and was also a member of the Executive Advisory Panel for the Open Compliance and Ethics Group (OCEG). Before joining NACD, Gleason was a management consultant with both EY and Pritchett & Associates. In addition, Gleason spent eight years in the research department at Institutional Shareholder Services including roles as vice president and director of U.S. Research. CS 8-1

Auditing the IT Department in a Digital World Elizabeth Tate Chief Auditor, Global Consumer Technology Citi Bank In this session, participants will:

Need for a different IT support and development approach to be competitive against less regulated companies.

The changing risk appetite in a digital world.

The different development approaches and controls required.

IT Support and IT Audit skill-sets required to meet the changing technology.

Maintaining the “legacy” assurance. Beth Tate oversees a global team responsible for auditing the global consumer IT organizations at Citi, covering Latin America, Europe, the Middle East and Africa, the Asia Pacific Region, and North America. While at Citi, Tate has helped shape the IT risk framework through her work on the IT Policy Council, the IT Risk Transformation project, IT Governance Assessment, and development of the Global Consumer Technology Risk Assessment Framework. She serves on the Board of Directors for the United Way of Northeast Florida and is a member of the executive council of the United Way Women in Local Leadership. She serves as a mentor in the United Way Stein Fellowship. CS 8-2 Assurance Mapping and the Second Line of Defense Kiko Harvey Chief Audit Executive Delta In this session, participants will:

Discuss an example of how to employ assurance mapping in the ERM process to identify control monitoring activities and gaps.

Learn practical approaches to coordinating the work of an organization’s compliance organizations, such as Corporate Compliance, Loss Prevention, Safety and Security, Human Resources, during an investigation.

Review when to get executives involved and when to resolve without “all hands on deck.”

Kiko Harvey is responsible for providing a broad range of financial and IT audit services to Delta worldwide through internal and co-sourced staffing arrangements, and coordinating Delta’s ERM activities. Her team is also responsible for performing management’s testing of IC-FR under the Sarbanes-Oxley Act. She joined Delta Air Lines in 2009 from Starbucks Coffee Company, where she was the vice president of internal audit. Harvey has also held finance positions at Taco Bell Corp. and was a senior audit manager at Price Waterhouse. She has served on The IIA’s Professional Issues Committee and completed a two year appointment to the PCAOB’s Standing Advisory Group (SAG). CS 8-3 Building a Team With a Powerful Brand Harold Silverman, CIA, QIAL, CRMA Vice President, Internal Audit Wendys Session details being finalized Harold Silverman has overseen the internal audit department since he joined Wendy’s in 2012. He has served in internal audit leadership roles with Houghton Mifflin Harcourt Publishing Company, Raytheon, and PwC. He gained experience in external auditing early in his career at Arthur Andersen. Silverman has served a number of leadership roles with The IIA and currently sits on the Global Executive Committee as the vice chairman of Professional Certifications. CS 8-4 What Every CAE must know to take Data Analytics to the Next Level Mark Salamasick, CIA, CRMA Executive Director of Audit University of Texas System Warren Stippich, CIA Partner, National Governance, Risk and Compliance Leader Grant Thornton In this session, participants will:

Learn how to use the data analytics framework to accomplish multiple audit

objectives.

Discuss increasing internal audit’s value by leveraging data analytics.

Identify ways to enhance internal audit’s efficiency through the use of data mining and analytics.

Engage in a discussion on the future of data analytics. Mark Salamasick teaches Internal Auditing, IT Audit, and Risk Management and Advanced Auditing at UTD, the largest graduate internal audit program in the world. He is also an independent audit and risk management consultant. Salamasick was previously with Bank of America for over 20 years, serving the last two years as senior vice president of internet/intranet services and as senior vice president and director of IT audit before that. The previous 18 years with the bank was spent in the internal audit group with experience in technology, financial, and operational auditing. Prior to joining Bank of America, he was a senior consultant with Accenture (Andersen Consulting). Salamasick served as a co-author on all three editions of Internal Auditing: Assurance and Consulting Services, published by The IIA Research Foundation and the world’s best-selling internal audit text. He also wrote Auditing Outsourced Functions, 2nd edition, for The IIARF. In addition, he was the primary researcher for The IIARF’s PC Management Best Practices project, resulting in a 15-city tour. During his career, Salamasick has served in a number of leadership roles within The IIA on a local and national level, and The IIARF. In 2005, he was named Leon R. Radde Educator of the Year by The IIA. Warren Stippich, Jr. has over 25 years’ experience working with multinational, entrepreneurial, and high-growth public companies, including boards of directors and audit committees. Stippich brings experience to the business risk consulting and internal audit services areas from both the public accounting firm and industry perspectives. He leads many Sarbanes-Oxley consulting, internal audit services including quality assurance review projects for a wide array of publicly traded and private businesses with international operations. He has worked extensively with international internal audit, Sarbanes-Oxley and business consulting assignments in around the world. He has lectured and is published on governance, risk, and compliance and is quoted extensively in the media. CS 8-5 Vendor Risk Management: An Internal Audit Perspective Remonde Brangman, CRMA National Risk Management Leader CBIZ, Inc.

In this session, participants will:

Understand vendor risk management and examine best in-class models.

Explore internal audit’s role in assessing and monitoring vendor engagements.

Hear case studies from internal audit peers about their role in progressing vendor risk management.

Remonde Brangman has more than 30 years of experience providing governance, risk, and internal controls advisory services to leading corporations, not-for-profits, and governmental organizations, including several local government agencies in the United States and foreign governments. He is a seasoned forensic accountant with more than 20 years of fraud investigation and forensic accounting experience. Brangman has been responsible for leading CBIZ’s national vendor risk management practice since 2009, and has worked with a variety of organizations, including Fortune 100 companies, to provide best practice guidance and develop comprehensive vendor risk management programs. CS 8-6 In Conversation With… Who Owns Risk? Paul Sobel, CIA, QIAL, CRMA Vice President and Chief Audit Execuitve Georgia Pacific LLC Michael Joyce, CIA, CRMA Chief Auditor and Compliance Officer Blue Cross Blue Shield Association In this session, participants will

Use the CBOK report, Who Owns Risk? A Look at Internal Audit’s Changing Role, to better understand the extent of formal risk management in organizations around the world and how it has changed.

Discuss internal audit's positioning within risk management and how that fits with the Three Lines of Defense.

Examine internal audit's risk management responsibilities related to assurance and audit plan coverage.

Identify risk assessment approaches and risk competencies.

Receive 13 key actions that will auditors be better positioned to meet growing stakeholder demands around risk.

Paul Sobel is vice president/CAE for Georgia-Pacific, LLC. He previously served as the CAE for three public companies and in Arthur Andersen’s business risk consulting practice. Sobel has published three books, the first of which was Auditor’s Risk Management Guide: Integrating Auditing and ERM. He co-authored the textbook sponsored by The IIA’s Research Foundation, Internal Auditing: Assurance and Consulting Services. His most recent book is titled Enterprise Risk Management: Achieving and Sustaining Success. Sobel currently serves on The IIA’s Board of Directors and Executive Committee. In the past he served as chairman of the board, senior vice chairman, and other leadership roles within The IIA Research Foundation. In 2012 he was recognized in Treasury & Risk Magazine’s list of 100 Most Influential People in Finance. He has also served on the Standing Advisory Group of the PCAOB and as The IIA’s representative on the Pathways Commission, which developed recommendations to enhance the future of accounting education in the United States. Mike Joyce has more than 32 years of professional experience. He has served in his current role at BCBSA since 1999, directing the internal audit, national anti-fraud, and compliance staff functions. In addition, Joyce is responsible for development of BCBSA sponsored compliance, anti-fraud, and internal audit related training programs for BCBS licensees. Prior to joining the Association, he served for two years as director of internal audit and controller for Rush Prudential Health Plans (now Unicare), responsible for directing all internal/external financial reporting, treasury, accounts payable, receivable, and payroll functions. Joyce previously held a variety of management positions with the JCPenney Company’s internal audit department, including responsibility for the internal audit activities at the JCPenney Life Insurance Company. He has served in local, regional, national, and international volunteer leadership positions with The IIA for many years, and also serves as the Public Member Commissioner and member of the Finance & Audit Committee for the Commission for Case Manager Certification (CCMC), in Illinois. In addition, he serves on the Advisory Board for DePaul University’s Internal Audit Education Partnership Program (IAEP).

Tuesday March 8, 2016 4:30-5:30 P.M. CS 9-1 Auditing IT Governance and Its Key Role in Mergers and Acquisitions

Thierry Dessange, CRMA Vice President, Technology Audit Visa In this session, participants will:

Discuss why IT governance needs to be audited.

Understand how auditing IT governance reduces merger and acquisition risks.

Identify governance standards and frameworks that can be leveraged.

Develop an achievable scope and testing approach.

Learn how to sell the results and partner with management for future success. Thierry Dessange maintains strategic relationships with audit stakeholders by positioning internal audit as a valued partner in helping stakeholders achieve business goals, including providing assurance and validation of the control environment through audits, pre-implementation reviews, ongoing consulting, and serving on various committees. Prior to joining Visa, Dessange was director of IT audit at Safeway Inc. where he built and oversaw the IT Audit function. Before Safeway, he managed IT, financial, and operational audits worldwide for Barclays Global Investors (BGI - now BlackRock). Prior to BGI, Dessange held various IT audit positions at Bank of America. He is recognized as an audit profession thought leader and speaks by invitation at national and local audit profession conferences/forums each year. CS 9-2 Strategies for Marketing Yourself for a Seat on the Board Charles T. Wright, CIA Vice President, Internal Audit Devon Energy In this session participants will:

Learn techniques to position yourself for appropriate board roles.

Discover the best approach for contacting search firms.

Understand the skills search firms are looking for in board members.

Review resume styles that highlight your unique skill sets.

Discuss effective ways to market yourself. Charlie Wright oversees internal audit activities at one of the world's leading independent oil and gas exploration and production companies. Prior to joining Devon in 2005, he served as general auditor at American Airlines.

CS 9-3 A Generational Approach to Building a Strong Team Paulette Mullings Bradnock Chief Audit Executive BNY Mellon In this session, participants will:

Learn about the definitions and typical characteristics of the three generations currently comprising most of today’s work force: Baby Boomers, Generation X, and Generation Y/Millenials.

Understand key issues related to recruiting and hiring candidates who will be successful contributors to an inter-generational team.

Understand key management challenges relating to growing talent on an inter- generational team.

Learn what works for engaging, motivating, and rewarding generations to retain the right people on a team with three generations of employees.

Paulette Mullings Bradnock oversees the organization’s internal audit function. She joined BNY Mellon in 2015 and is a member of the company's Operating Committee. Bradnock started her career at Chemical Bank, worked at Chase Manhattan and its successor company JPMorgan Chase, and then joined American International Group, Inc. (AIG), where most recently she served as senior vice president and CAE. She serves on the board of the Make-A-Wish Foundation of Metro and Western New York and as chair of their audit committee. CS 9-4 How Successful Contract Compliance Programs Can Light the Path to a Higher Performing Internal Audit Department Jonathan Kurtz Partner Simplify Contract Compliance Solutions, LLC Monica Agostinelli Chief Audit Executive Waste Management In this session, participants will:

Learn the 5 most critical focus areas required from internal audit departments

intent on auditing strategically and delivering real value to their organizations.

Understand and see the value in using big data.

Define real return on investment and learn how to deliver it.

Identify and quantify risks and root causes.

Use a case study as a blueprint for partnering with the business effectively: fairly, transparently and with “Emotionlessness.”

Jonathan Kurtz has nearly 20 years of experience providing value-generating services to clients, including leadership positions with Big 4 and recovery audit firms. He has audited hundreds of contracts covering a multitude of business relationships and industries, and developed and leveraged technology solutions and intellectual property to maximize profits and recoveries for his clients, while bringing transparency and accountability to his clients’ critical business relationships. Kurtz has also presented to various trade associations and written extensively on optimizing internal audit departments and contract compliance programs, including Diagnosing and Treating Profit Leakage Through Effective Contract Compliance; Maximizing Internal Audit: A 10 step imperative for thriving in a challenging economy; Product Warranty and Support Abuse: Saving companies’ financial health and brand; and more. Monica Agostinelli oversees the internal audit department that provides independent, objective assurance and advisory services designed to optimize operational efficiency, control costs, and improve the underlying control infrastructure. She and her team work with the business to facilitate strategic risk identification to its strategic objectives and to bring a systematic approach to evaluate and improve the effectiveness of risk management, control, and governance processes. In prior roles at Waste Management, and as a consultant providing business advisory services, Agostinelli has worked with businesses to realize tangible successes in operations, ERM, financial close and reporting, and supply chain optimization. She has delivered focused, customized, value- added solutions that allow businesses to strategically react to industry and market changes. CS 9-5 Building a Data Analytics Program Robert Berry, CIA Senior Director, Office of Internal Audit University of Florida

In this session, participants will:

Assess technology solutions and talent needed to meet organizational goals.

Understand the types of data required by audit and establishing a comfort level with data governance.

Determine how the data will be used (i.e., audit planning, engagements, continuous auditing)

Analyze and validate data using common queries, and communicating results to make and impact.

Robert Berry has spent his career improving people, processes, and profits. Many years ago, he realized that while technical skills are important, successful auditors are also emotionally aware. As a result, his presentations connect the dots between theoretical standards, office personalities, and real world processes. By constructively challenging the status quo, he has helped organizations save millions of dollars. Berry has 20 years of business experience in various industries and has worked in Fortune 500 organizations, large private companies, and a Big 4 accounting firm. He is an author, educator, and advocate for the internal auditing profession. CS 9-6 In Conversation With.. Relationship Management Between Audit and the Business Jeffrey Stone, CIA, CGAP, CRMA Chief Audit Executive Duke Energy Paul Sobel, CIA, QIAL, CRMA Vice President and Chief Audit Executive Georgia Pacific LLC In this session, participants will:

Share best practices for maintaining relationships with key business leaders while maintaining an appropriate level of distance.

Discuss how best to incorporate knowledge sharing into audit plans.

Share experiences in delivering tough messages to the business.

Jeff Stone provides executive oversight for the internal audit function, and is responsible for establishing the audit function’s strategic direction, ensuring the execution of a risk-based audit approach, attracting and developing professional talent, and acting as the function’s interface with the Audit Committee and executive management. Previously, he served as vice president, controller, and chief accounting officer for Progress Energy. He assumed his current position in 2012, following the Duke Energy/Progress Energy merger. Stone joined the company in 1989 and has held a number of leadership roles, including vice president of capital planning, executive director of financial planning and regulatory services, as well as various management positions in accounting, audit services, and energy supply. Prior to joining the company, Stone was an audit manager with Deloitte & Touche. Paul Sobel is vice president/CAE for Georgia-Pacific, LLC. He previously served as the CAE for three public companies and in Arthur Andersen’s business risk consulting practice. Sobel has published three books, the first of which was Auditor’s Risk Management Guide: Integrating Auditing and ERM. He co-authored the textbook sponsored by The IIA’s Research Foundation, Internal Auditing: Assurance and Consulting Services. His most recent book is titled Enterprise Risk Management: Achieving and Sustaining Success. Sobel currently serves on The IIA’s Board of Directors and Executive Committee. In the past he served as chairman of the board, senior vice chairman, and other leadership roles within The IIA Research Foundation. In 2012 he was recognized in Treasury & Risk Magazine’s list of 100 Most Influential People in Finance. He has also served on the Standing Advisory Group of the PCAOB and as The IIA’s representative on the Pathways Commission, which developed recommendations to enhance the future of accounting education in the United States.

Wednesday March 9, 2016 8:30-9:45 A.M. GS 4 The Next President 2016: What’s At Stake Todd Buchholz

Economist Expert In this session, participants will:

Be taken inside the hottest debates in Washington and on the campaign trail.

Discuss which candidate is best equipped to bring the Republican Party back into the White House.

Explore the shallow field of Democratic candidates in the campaign.

Debate what the final year of President Obama’s tenure may hold and how he may reshape the business landscape while facing up to a GOP-controlled Congress.

And much more on the globalization of our economy and whether the Washington sweepstakes makes life easier or tougher for your company’s profits and its share price.

Todd Buchholz is the former White House director of economic policy and past managing director of the $15 billion Tiger hedge fund. He has both crafted economic policy as a public servant and invested in the market. Buchholz discusses how to interpret strategy-altering phenomena for wiser, sounder investments, providing a snapshot of the market to come: what companies are on the right track to success, what you can learn from them, and to benefit from their successes. Buchholz explores critical issues, conveys practical survival tactics, and offers tips on adapting to the ever- changing global economy. Buchholz, a contributing editor for Worth magazine, has authored numerous books, including Market Shock, New Ideas from Dead Economists, From Here To Economy, Bringing the Jobs Home, and more. His current project is The Price of Prosperity: Why Nations Fail and How to Renew Them, being published in 2016.

Wednesday March 9, 2016 10:00-11:15 A.M. GS 5 Leading Change in a Fast Paced and Technological Workplace Cheryl Cran

Author and Renowned Tech Workplace and Leadership Expert In this session, participants will:

Think about harnessing positive stress and leveraging time in an increasingly fast-paced work environment.

Get a clear understanding of how various generations view change, deal with it, and strategies to improve change responses and actions.

Gain insight into your personal change behaviors and tools to leverage your individual ability to adapt more quickly with a positive approach.

Receive tools to lead change with multiple perspectives including emotional intelligence, generation intelligence, and energetic intelligence.

Learn skills to elevate communication to speak to the higher potential of each individual and create unprecedented understanding and commitment to change.

Cheryl Cran, author of five business titles/books and globally in-demand speaker, delivers effective strategies to organizations on how to combine tech savvy with a focus on people – an organization’s most valuable asset – to increase profit, productivity, and innovation. Cran also specializes in distilling for managers why today’s multi- generational workplace requires more adaptability to change and technology than ever before. She also emphasizes increased collaboration, innovation, and leading change as the gateway to future business success. Cran believes that harnessing generation intelligence in the workplace while developing tech savvy, people-centric skills in today’s leaders is the future of business. Using nearly two decades worth of study, audience response surveys, generational focus groups, and employee surveys, Cran’s presentation on leading generations and corporate culture includes real-life examples and case studies along with practical solutions. Cran’s observations, learnings, and results from having worked as a top-performing leader in various industries including finance, construction, oil and gas, forestry, resources, health care, government, film, hotel/hospitality, retail, and entertainment resulted in her establishing her own consultancy, Synthesis at Work, in which she offers her expertise to individual client circumstances to provide customized business solutions. Her change management and business strategies ideas have been featured in trade and business publications around the world as well as radio and television news programs and interviews.